
NAT question

study_voip
Level 1

I am thinking hard to find a suitable solution, but have not figured it out yet.

Thanks in advance for your input.

My diagram is like this:

1.1.1.0/24-----R1-----3.3.3.0/24 T1 link-----R2-----application servers

1.1.1.0/24----R1----4.4.4.0/24----FW1----Internet-----FW2-----application servers

Traffic from 1.1.1.0/24 to the application servers (like www etc.) should go over the T1 first.

If the T1 is unavailable, traffic from 1.1.1.0/24 will go to the VPN between FW1 and FW2; however, 1.1.1.0/24 must be translated to 6.6.6.0/24 and the application servers' IPs must be changed as well (so the VPN interesting traffic is from 6.6.6.0/24 to 8.8.8.0/24).

E.g., while using the T1 link, one application server is server1 (IP is 7.7.7.7) and another is server2 (7.7.7.8); while using the VPN link, the application server is still server1, but its IP is 8.8.8.8, server2 will be 8.8.8.9, etc.

I am looking for an automatic failover solution.

Also, we don't have any DNS server internally, so we are using hosts files now; your suggestions for any DNS solution are appreciated as well.

Thanks again.

1 Reply

i-kendall
Level 1

Here are my first thoughts.

On the router R1 have two static routes. The first is

ip route 7.7.7.0 255.255.255.0 {ip of r2}

the second is

ip route 7.7.7.0 255.255.255.0 {ip of FW1} 200

This makes the first route the preferred one, unless the T1 is down and then it sends the traffic to the firewall. The firewall then needs to be configured to do the NAT translations as needed for both source and destination addresses (if these are PIX or ASA that is fairly straightforward to achieve).

DNS is an application, I do networks (only L1 to L4) :-)

Hope that helps.
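The failover described in this thread, modelled as an added example (not part of either post, and not device configuration): R1 picks the route with the lowest administrative distance, and the firewall path rewrites both source and destination. "R2" and "FW1" stand in for the next-hop IPs the reply leaves as placeholders; the assumptions are that the route via R2 is withdrawn when the T1 is down and that the source NAT keeps the host part of the address.

```python
import ipaddress

# Static routes on R1 for 7.7.7.0/24, as in the reply: (next hop, administrative distance).
# "R2" and "FW1" are stand-ins for the placeholder next-hop IPs.
ROUTES = [("R2", 1), ("FW1", 200)]

# Destination mappings taken from the question's examples (T1 address -> VPN address).
DST_NAT = {"7.7.7.7": "8.8.8.8", "7.7.7.8": "8.8.8.9"}

SRC_INSIDE = ipaddress.ip_network("1.1.1.0/24")
SRC_MAPPED = ipaddress.ip_network("6.6.6.0/24")


def select_next_hop(t1_up):
    """Pick the usable route with the lowest administrative distance.

    Assumption: the route via R2 is withdrawn from the table when the T1 is down.
    """
    usable = [(hop, ad) for hop, ad in ROUTES if hop != "R2" or t1_up]
    return min(usable, key=lambda r: r[1])[0]


def translate_source(src):
    """Map 1.1.1.x to 6.6.6.x, keeping the host part (assumed net-to-net NAT)."""
    addr = ipaddress.ip_address(src)
    if addr not in SRC_INSIDE:
        raise ValueError(f"{src} is outside {SRC_INSIDE}")
    offset = int(addr) - int(SRC_INSIDE.network_address)
    return str(SRC_MAPPED.network_address + offset)


def forward(src, dst, t1_up):
    """Return (next hop, source, destination) as the packet leaves the site."""
    hop = select_next_hop(t1_up)
    if hop == "R2":
        return hop, src, dst  # T1 path: addresses are left untouched
    if dst not in DST_NAT:
        # Without a mapping the packet would not match the 6.6.6.0/24 -> 8.8.8.0/24 VPN traffic.
        raise KeyError(f"no VPN-side mapping for {dst}")
    return hop, translate_source(src), DST_NAT[dst]


if __name__ == "__main__":
    for up in (True, False):  # constructed sample packet from 1.1.1.10 to server1
        print("T1 up" if up else "T1 down", forward("1.1.1.10", "7.7.7.7", up))
```

Because the clients keep addressing 7.7.7.x on both paths, the hosts files do not change on failover. The question's examples shift the host part by one (7.7.7.7 becomes 8.8.8.8), so a plain /24-to-/24 destination mapping would not reproduce them and per-host entries are needed.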
